We have defined a VPN boundary group for our remote employees in single site, single server SCCM current branch (1706) setup. Our company's setup is very simple - one server is the site server, DP, and MP. We're all in one building. However we need to define the "VPN" boundary group to be a "slow" link for those that connect remotely.

I cannot find a way to do this in SCCM 1706. Does anyone know how to do this?

KH

There is a way to configure vpn anyconnect logging to track one particular username. Once the user logs in to VPN, the ASA will email the log to email address. I used to knew the website that assisted with this config and I can no longer find it. Does anyone know the syntax for this?

Setting up a site to site vpn with a partner.  We have overlapping networks so we need to setup NAT.  The partner does not want to pass private IP's over the VPN stating that it is best practice to not use private IP's.  Is this best practice?  We have created several vpn's and all have passed private IP's.  The problem we have is our end is on the AWS network and they do not allow NATing in their VPN connections.  Is passing private IP's really a bad thing?  We are limited on our end by AWS but if the partner wants to connect and pass public IP address what are our options?  Traffic will only be initiated one way....from partner to AWS network.  The partner needs to connect to a load balancing device at 192.168.5.100 using port 6500.  If I can't NAT my IP subnet and the partner needs to NAT to a private IP, what are the options?

So, here is my scenario

Currently with 192.168.60.0/24 network set as VLAN200 on a switch, my router is 192.168.60.2.

Got a cisco 2960 switch as 192.168.60.1, and set with default GW 192.168.60.2

However, I need to set a new vlan for a vpn (mikrotik)

Mikrotik ip is 8.20.15.251/24

Ive created a VLAN400, as 8.20.15.0/24 and indicated the ip helper as the mikrotik. After assigning ports to that VLAN, it doesnt acquire IP, neither reach the GW (if I assign static IP to the computer). From the switch, if I try to ping the mikrotik ip, it does not respond (if I connect a computer directly on the mikrotik, I do get an IP, I can access it and even access the VPN services without problems)

Am I missing something?

thank you

Hi,

I'm aware others have had similar issues to mine but none of those fixes resolved my issue.  We have 10 sites, each with a SonicWall (various models).  At site A, we recently switched our primary ISP and now our other sites aren't able to ping the LAN IP address of site A even though the VPN is up and running from site A to the other sites.  The other sites can successfully ping other devices at Site A (such as computers) but not the SonicWall LAN IP.  Site A can ping out normally to any other site.  This issue occurred when we switched ISP.  The settings seem to be correct but something is causing the ping not to go through.  It seems "Ping" is enabled in Site A SW where applicable.  I will appreciate any suggestions.

Hello,

I am trying to fix the issue with ASA firewalls. I have L2L VPN between two ASAs with IP Sec tunnel with IKEv2. The tunnel is working fine for one pair of source IP and dest.IP address.

However, I have another pair of IPs (two servers between the remote LANs) which are included and permitted in the same access-list and crypto map as the working pair of IPs. But they are not able to communicate.

They are also permitted on the access-list which is applied on the inside interface from the LAN.

I can see the Built TCP connection in the ASA real-time log for the working pair of servers, but absolutely no information in the log for the another pair.

In the LAN we have another ASA directly connected which is showing "SYN timeout" after 30 seconds.

It is very strange, because the access-lists for the mentioned pairs of source and destination IPs have the same configuration and are applied the same way, but security association is bulit only for the first one.

I even see hit counts in the access-list permit statements for both communications.

Is it possible, that the issue can be on the remote end of the tunnel (the 3rd ASA on the way for the packet towards the remote LAN)? I don't have the access to the 3rd ASA.

Please help,

I have an environment that resulted in using an AMI VPN Application since their firewall wasn't compatible with the native Amazon VPN Services..  I want to move away from the AMI VPN Appliance and use the native Amazon VPN Services for it's free..  With that said..  Is the Amazon VPN Serivces an AMI or simply a native feature in EC2?  I need to setup a lab.  When I refer to the Amazon VPN service I guess this is the 'virtual private gateway to the VPC' ?

I am trying to work my way through the tricky world of Azure and AD connect. In short I have a central sites with a domain, I have multiple smaller sites with just a few machines. I want to join those machines also to the domain. I was thinking rather than trying to join the machines over a VPN to the domain could I simply create a member server in azure which would allow for the smaller sites to connect directly? Is this even possible

Hi,

I struggling with this issue. I wanted to use the connector provided by Windows which can be download via http://servername/connect
However, it is not compatible with this new version of MacOSX.

Does anyone have experience with setting up vpn connection on a new OSX Mac with Server 2012 Essentials?

Regards,

Hi Team,

My understanding:
When we create a site to site VPN, a route gets created for the destination network pointing to the outside interface based on which the ASA understands that when traffic for this IP arrives, I need to put in across the tunnel.

Query:
Kindly explain the mechanism by which ASA creates this route and also share any documentation if available.

Hi,

I am travelling in main land china and naturally sites like google and YouTube etc are blocked.

I am thinking about getting one of the iOS vpn apps.

My concern is it monitoring my internet data in regards to passwords I type the mail app etc.

What I am thinking is if those programs do the encryption themselves I will be safe and this can't be attacked. SSL sites will be safe.

Are my assumptions correct? Are there any risks at all?

Thanks

Ward

I've got a 5545x that I'm configuring for remote access VPN.  I've done a few 5506's but this is my first 5545.

I initially started with AnyConnect. I could get the client connected, but I couldn't get a ping response.  The client statistics showed control data was being exchanged.  Client data was being sent, but not received.

I wiped and reconfigured and got the exact same results.   Then I tried configuring IPSec for the legacy VPN Client because I can always get that to work. :-)

Exact same results.  Client connects fine but no data.  "show cry ipsec sa" shows pkts decap are increasing but pkts encaps are not.  

I figure that I'm just missing something and I've been looking at it for so long that I'm just not seeing it. Hoping someone can look at this and see a typo or a missing statement that I'm missing.

I've stripped out all the non-essentials and sanitized the output.  If I got overzealous with the stripping and cleaning, let me know and I'll repost.

Thanks.

Don

P.S.  I've added a bunch of... junk that I don't usually have while throwing things at this to see if something sticks.

ip local pool RA_VPN_POOL 192.168.255.1-192.168.255.62 mask 255.255.255.192
ip local pool AnyConnect_VPN_Pool 192.168.255.129-192.168.255.254 mask 255.255.255.192
!
object network VPN-Nets
 subnet 192.168.255.0 255.255.255.0
!
object-group network Inside-Networks
  network-object 10.10.0.0 255.255.0.0
 network-object 192.168.0.0 255.255.0.0
!

Select all Open in new window

…

Devices:
Google Home,
Aruba IAP-305 (RW)
NordVPN


I am trying to set up a VPN for my Google Home so it will register as being in the US. I am currently in Ireland and have purchased a subscription to NordVPN.  From what I understand, a VPN cannot be put on the actual Google Home device.

I currently make a lot of calls to the US. Google Home offers free calls in the US but is not available here in Ireland. This is one of the main things I want to get from my Google Home.

If the net result of the VPN makes Google Home look like its in the US, I do not want the rest of my tech devices to think they are in that location, i.e all of my other tech devices have locations in Ireland.

Regards,
Robbie